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CLAIMS 

What is claimed is: 

1 . A packet monitor for examining all packets passing through a connection point on a 
computer network, the monitor comprising: 

(a) a packet acquisition device coupled to the connection point and configured to 
receive packets passing through the connection point; and 

(b) a memory for storing a database comprising none or more flow-entries for 
previously encountered conversational flows to which a received packet may 
belong; 

(c) a lookup engine coupled to the packet acquisition device configured to lookup 
whether a received packet belongs to a flow in the flow-entry database, and to 
determine the state of the flow for the received packet in the case that the packet 
belongs to a flow-entry; 

(d) a state determining mechanism coupled to the lookup engine to determine the 
state of a flow in the case that the received packet does not belong to a flow in the 
flow-entry database; atnd , . .... 

(e) a state processor coupled to the lookup engine and to the state determining 
mechanism configured to perform any state operations specified for the state of 
the flow starting from the last encountered state of the flow in the case that the 
packet is from an existing flow, and to perform any state operations required for 
the initial state of the new flow in the case that the packet is from an existing 
flow. 

2. A monitor according to claim 1, wherein the set of possible state operations that the 
state processor is configured to perform includes searching for one or more patterns in the 
packet portions. 

3. A monitor according to claim 2, wherein the monitor processes all packets passing 
through the connection point in real time. 
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A monitor according to claim 2, wherein the state processor is programmable, the 
monitor further including a state patterns/operations memory coupled to the state 
processor, the state operations memory configured to store a database state 
patterns/operations. 

A monitor according to claim 1, further including a buffer coupled to the packet 
acquisition device, to the state processor, and to the lookup engine, the buffer configured 
to accepting at least selected portions of the received packet. 

A monitor according to claim 5, wherein the state processor includes a searching 
apparatus configured to search for a reference string of NR units in the buffer contents, the 
searching apparatus comprising: 

(i) a first reference register configured to receive the NR units of a first reference 
string; 

(ii) one or more target data registers coupled in series and coupled to the buffer, 
the target data registers configured to receive contents from the buffer; and 

(iii) a first plurality of comparator sets, one comparator set corresponding to each of 
a set of starting positions in the target data registers, the comparator set of a 
particular starting position coupled to each unit of the first reference register and to 
NR units of the target data registers starting from the particular starting position 
and comparing the first reference register contents to corresponding contents of 
NR contiguous units of the target data registers starting from the particular starting 
position, 

such that each comparator set indicates if there is a match of the first reference string in 
the target data starting from its corresponding different starting position, 

whereby the first plurality of comparator sets indicates in parallel if the first reference 
string is contained in the target data registers starting at any of the starting positions. 

A processor configured to process contents of packets passing through a connection 
point on a computer network, the processor comprising: 
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(a) a buffer for receiving at least some of the contents of each packet passing 
through the connection point; 

(b) a memory containing one or more instructions of an instruction set for the state 
processor; 

(c) an arithmetic logic unit (ALU) coupled to the buffer; 

(d) a control block coupled to the ALU and to the instruction memory for decoding 
instructions; and 

(e) a program counter coupled to the instruction memory and to the ALU for 
indicating the next state processor instruction in the memory to process, 

wherein the ALU includes a searching apparatus comprising one or more comparators for 
searching for a reference string in the contents of a packet. 

8. A processor according to claim 7, wherein the state processor processes contents of all 
packets passing through the connection point in real time. 

9. A processor according to claim 7, wherein the instruction set includes an instruction 
for invoking the searching apparatus of the ALU to search for a specified reference string 
in the packet starting at an unknown location within a range of the packet. 

10. A processor according to claim 7, wherein the searching apparatus searches for any of 
a set of reference strings in the contents of a packet, and wherein the instruction set 
includes an instruction for invoking the searching apparatus to search for any of a set of 
specified reference strings in the packet starting at an unknown location within a range of 
the packet. 

1 L A searching apparatus configured to search for a reference string of NR units in target 
data starting from any of a set of starting positions within the target data, the searching 
apparatus comprising: 

(a) a first reference register configured to receive the NR units of a first reference 
string; 
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(b) one or more target data registers coupled in series to receive the target data; 
and 

(c) a first plurality of comparator sets, one comparator set corresponding to each of 
the starting positions, the comparator set of a particular starting position coupled to 

5 each unit of the first reference register and to NR units of the target data registers 

starting from the particular starting position and comparing the first reference 
register contents to corresponding contents of NR contiguous units of the target 
data registers starting from the particular starting position, 

such that each comparator set indicates if there is a match of the first reference string in 
10 the target data starting from its corresponding different starting position, 

whereby the first plurality of comparator sets indicates in parallel if the first reference 
string is contained in the target data registers starting at any of the starting positions. 

12. A searching apparatus according to claim 11, wherein the set of possible starting 
positions includes Nstart positions, wherein the one or more target data registers are 

15 coupled in series to receive at least NR+Nstart-1 units of the target data, and wherein the 
first plurality of comparator sets includes Nstart comparator sets, one comparator set for 
each of the Nstart starting positions. 

13. A searching apparatus according to claim 12, wherein each of the target data registers 
holds Nstart units of data. 

20 14. A searching apparatus according to claim 13, wherein Nstart units of the target data 
are clocked into the target data registers in one clock cycle, such that the first plurality of 
comparator sets indicates in one clock cycle if the first reference string is in the target area 
starting at any of the Nstart starting positions. 

15. A searching apparatus according to claim 14', further comprising a mechanism to 
25 specify an offset Noffset, wherein during the first clock cycle of operation, the first 

Noffset starting positions are ignored such that the first plurality of comparator sets 
indicates in the first clock cycle if the first reference string is in the target area starting at 
any of the Nstart- Noffset starting positions of the first data register that start after the first 
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Noffset starting positions, and wherein during subsequent clock cycles all Nstart starting 
positions are considered, 

whereby in one or more clock cycles, the searching apparatus indicates if the first 
reference string is in the target data starting anywhere other than the first Noffset units. 

5 16. A searching apparatus according to claim 1 1, wherein each comparator set includes 
NR consecutive comparators, each comparator having a reference unit input, a target unit 
input, and an output indicating a match, each comparator coupled to the previous 
comparator's output such that the output of a comparator is asserted when the reference 
and target data inputs match and the previous comparator's output indicates a match. 

10 17. A searching apparatus according to claim 1 1, further comprising: 

(d) one or more further reference register for receiving NR units of one or more 
further reference strings; and 

(e) one or more further pluralities of comparator sets, one comparator set for each 
of a corresponding plurality of starting positions, each particular comparator set of 

15 each further plurality coupled to each unit of the corresponding further reference 

register and to NR units of the data registers starting from the particular 
comparator set's starting position and comparing the corresponding further 
reference register contents to NR units of the target data registers starting from the 
particular comparator set's starting position, 

20 such that the searching apparatus searches for any one of the first or further reference 
strings of NR units in contents of the target registers starting from any of the starting 
positions. 

1 8. A searching apparatus according to claim 17, wherein each comparator set includes 
NR consecutive comparators, each comparator having a reference unit input, a target data 
25 unit input, and an output indicating a match, each comparator coupled to the previous 

comparator's output such that the output of a comparator is asserted when the reference 
and target data inputs match and the previous comparator's output indicates a match. 
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19. A searching apparatus according to claim 1 1, wherein each comparator set includes 
NR consecutive comparators, each comparator having a reference unit input, a target data 
unit input, an enable input, and an output indicating a match, such that the match output of 
a comparator is asserted when the reference and target inputs match and the enable input is 
asserted, 

wherein for a particular set of comparators for a particular starting position, the reference 
inputs of consecutive comparators are coupled to consecutive units of the reference 
register, the target data inputs of consecutive comparators are coupled to consecutive units 
of the target data registers starting at the particular starting location, the first comparator of 
the set is enabled, and the enable input of each comparator is coupled to the output of the 
previous comparator, such that the output of the final comparator is asserted when the NR 
units of the reference string and the NR units of the target data agree. 

20. A searching apparatus according to claim 1 1, wherein the unit is a byte. 

21. A searching apparatus according to claim 19, wherein the final comparator outputs of 
the sets are coupled to a priority selector having an output indicating if and where a match 
of the reference string occurred in the target data. 

22. A searching apparatus according to claim 20, wherein NR is 16 bytes. 

23. A searching apparatus according to claim 12, wherein NR is 16 bytes and wherein 
each of the data registers has Nstart bytes, such that the searching apparatus indicates a 
match starting anywhere within the first data register. 

24. A searching apparatus configured to search for a reference string of NR units in a 
target data stream, the apparatus comprising: 

(a) a first NR-unit comparator having NR pairs of inputs and an output indicating a 
match of each pair of the NR-pairs of inputs; and 

(b) NR connections indicating values of the reference string and defining a first 
axis of a matrix, and NR connections indicating values of the target data defining a 
second axis of the matrix perpendicular to the first axis, the target data connections 
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starting from a first starting location of the target data and ending at an ending 
location, 

wherein the first comparator is oriented along the diagonal of the matrix such that NR 
connections of the target data are compared to the NR reference string connections. 

A searching apparatus according to claim 24, further comprising: 

additional one or more contiguous connections parallel and contiguous to the 
target data connections in the matrix and starting from the ending location; and 

an additional NR-unit comparator for and corresponding to each of the 
additional target data connections, each additional comparators parallel to the first 
comparator and shifted towards the additional target connections in the matrix, 

such that each additional comparator compares the reference string to a different set of NR 
units continuous values of the target data starting from a different staring point. 

A searching apparatus according to claim 25, further comprising: 

one or more further sets of NR-unit comparators; and 

further sets connections corresponding for the further sets of NR-unit 
comparators, the further connections defining one or more additional matrices, 
each further set of connections along the first axis indicating values of one or more 
' - corresponding further reference strings^along the first axis, and NR connections 
indicating values of the target data along the second axis, 

such that each additional comparator set compares the corresponding one of the reference 
strings to a different set of NR contiguous values of the target data starting from a 
different staring point. 



